!48 [sync] PR-47: Support build with clang

From: @openeuler-sync-bot 
Reviewed-by: @weidongkl 
Signed-off-by: @weidongkl

backport-0001-CVE-2023-4863.patch

@@ -0,0 +1,43 @@
+From 95ea5226c870449522240ccff26f0b006037c520 Mon Sep 17 00:00:00 2001
+From: Vincent Rabaud <vrabaud@google.com>
+Date: Mon, 11 Sep 2023 16:06:08 +0200
+Subject: [PATCH] Fix invalid incremental decoding check.
+
+The first condition is only necessary if we have not read enough
+(enough being defined by src_last, not src_end which is the end
+of the image).
+The second condition now fits the comment below: "if not
+incremental, and we are past the end of buffer".
+
+BUG=oss-fuzz:62136
+
+Change-Id: I0700f67c62db8e1c02c2e429a069a71e606a5e4f
+---
+
+diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
+index 5ab34f5..809b1aa 100644
+--- a/src/dec/vp8l_dec.c
++++ b/src/dec/vp8l_dec.c
+@@ -1233,9 +1233,20 @@
+   }
+ 
+   br->eos_ = VP8LIsEndOfStream(br);
+-  if (dec->incremental_ && br->eos_ && src < src_end) {
++  // In incremental decoding:
++  // br->eos_ && src < src_last: if 'br' reached the end of the buffer and
++  // 'src_last' has not been reached yet, there is not enough data. 'dec' has to
++  // be reset until there is more data.
++  // !br->eos_ && src < src_last: this cannot happen as either the buffer is
++  // fully read, either enough has been read to reach 'src_last'.
++  // src >= src_last: 'src_last' is reached, all is fine. 'src' can actually go
++  // beyond 'src_last' in case the image is cropped and an LZ77 goes further.
++  // The buffer might have been enough or there is some left. 'br->eos_' does
++  // not matter.
++  assert(!dec->incremental_ || (br->eos_ && src < src_last) || src >= src_last);
++  if (dec->incremental_ && br->eos_ && src < src_last) {
+     RestoreState(dec);
+-  } else if (!br->eos_) {
++  } else if ((dec->incremental_ && src >= src_last) || !br->eos_) {
+     // Process the remaining rows corresponding to last row-block.
+     if (process_func != NULL) {
+       process_func(dec, row > last_row ? last_row : row);

libwebp.spec

@@ -1,12 +1,13 @@
 Name:          libwebp
-Version:       1.3.0
+Version:       1.3.2
-Release:       1
+Release:       3
-URL:           http://www.linuxfromscratch.org/blfs/view/svn/general/libwebp.html
+URL:           https://www.webmproject.org
 Summary:       Library and tools for the WebP graphics format
 License:       BSD
 Source0:       http://downloads.webmproject.org/releases/webp/%{name}-%{version}.tar.gz
 
 Patch6000:     libwebp-freeglut.patch
+Patch6001:     backport-0001-CVE-2023-4863.patch
 
 BuildRequires: libjpeg-devel libpng-devel giflib-devel libtiff-devel
 BuildRequires: java-devel jpackage-utils swig freeglut-devel
@@ -66,7 +67,7 @@ swig -ignoremissing -I../src -java \
     -outdir java/com/google/webp \
     -o libwebp_java_wrap.c libwebp.swig
 
-gcc %{__global_ldflags} %{optflags} -shared \
+%{__cc} %{__global_ldflags} %{optflags} -shared \
     -I/usr/lib/jvm/java/include \
     -I/usr/lib/jvm/java/include/linux \
     -I../src \
@@ -112,6 +113,24 @@ cp swig/*.jar swig/*.so %{buildroot}/%{_libdir}/%{name}-java/
 %{_mandir}/man*/*
 
 %changelog
+* Thu Feb 22 2024 luofng <luofeng13@huawei.com> - 1.3.2-3
+- Type: enhencement
+- CVE:NA
+- SUG:NA
+- DESC:support for building with clang
+
+* Tue Sep 26 2023 liweigang <liweiganga@uniontech.com> - 1.3.2-2
+- backport CVE-2023-4863
+
+* Fri Sep 15 2023 Funda Wang <fundawang@yeah.net> - 1.3.2-1
+- update to 1.3.2
+
+* Fri Jul 21 2023 zhangpan <zhangpan103@h-partners.com> - 1.3.1-1
+- update to 1.3.1
+
+* Fri May 26 2023 zhangpan <zhangpan103@h-partners.com> - 1.3.0-2
+- fix CVE-2023-1999
+
 * Fri Feb 03 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 1.3.0-1
 - update to 1.3.0